Vice President for Innovation and Technology at IMANI Africa, Selorm Branttie, has criticised the 2025 Cybersecurity (Amendment) Bill, describing it as ambiguous and potentially oppressive.

In an interview with Joy FM, he observed that several sections of the draft law are vaguely written and overly broad, making it challenging to separate minor online infractions from serious cyber offences.

Mr. Branttie warned that such lack of clarity could lead to misinterpretation and abuse, allowing ordinary digital activities to be unfairly criminalised.

“A lot of the lettering for the Cybersecurity Bill, for example, is ambiguous in terms of the kinds of offenses that are being discussed and the ramifications for you being seen as contravening some of these offences makes them draconian, makes it unsuitable for the current day and age and society that we have" he said on

“You are looking at things that could either be minor or major, and bottling it up into just one category and then criminalising all of it."

Mr. Branttie noted that several Ghanaians maintain additional social media profiles or alternative online identities for valid purposes such as protecting their privacy or adhering to workplace policies.

He explained that, as the bill currently stands, such practices could easily be misconstrued as dishonest or unlawful.

According to him, the absence of precise definitions and a clear categorisation of offences could give authorities undue power, potentially paving the way for the harassment of individuals, journalists, or political critics under the pretext of enforcing cybersecurity measures.

“It’s a dangerous to have laws like this, or some of the stipulations in laws like this dictating the what should be the government’s response or the security aparatus' response to some of these things that happen digitally because in the wrong hands, this could be used to abuse the personal rights of many indivuduals and could be used to target people percieved as political opponents or people perceived as not liked by anybody who is in authority,” he explained.

Mr. Branttie called on Parliament to carefully revise the language of the bill before its approval to ensure it maintains a fair balance between strengthening national cybersecurity and upholding citizens’ online rights.

He recommended that legislators work closely with technical professionals, civil society groups, and private sector stakeholders to refine the scope of offences, classify their severity, and establish transparent oversight systems.

IMANI Africa, a policy think tank recognised for its advocacy in governance and technology, has long championed openness and fairness in the formulation of Ghana’s digital regulations.

The 2025 Cybersecurity (Amendment) Bill aims to update the Cybersecurity Act, 2020 (Act 1038) by addressing new digital threats, reinforcing the country’s online security systems, and expanding enforcement authority for state institutions.

Nonetheless, sections of the public and digital rights organisations caution that certain provisions, if not properly clarified, could threaten privacy, restrict free speech, and compromise data protection.

The draft legislation is presently under review by Parliament’s Communications Committee, with stakeholder engagements expected to continue in the coming weeks.

Ghana has witnessed a sharp rise in financial damage caused by online sextortion and blackmail, with losses hitting GH¢499,044 within the first four months of 2025.As per data by the Cyber Security Authority (CSA) this is nearly five times the GH¢103,663 recorded over the same period in 2024, pointing to an alarming trend in digital exploitation.

In its recent advisory, the Authority revealed a slight uptick in the number of reported incidents from January to April 2025, surpassing the 155 cases logged during the comparable period last year.

These schemes are typically launched through fake social media profiles—often using attractive images to entice users into romantic exchanges.

Once trust is established, victims are coerced into sharing intimate visuals, which are then weaponized to extort money.

Perpetrators usually demand mobile money payments under threat of publishing the explicit material. But paying doesn’t always end the torment—victims often face continued harassment even after fulfilling ransom demands.

To cover their tracks, scammers frequently move chats to encrypted apps like WhatsApp, Telegram, or Signal, making detection more difficult.

The CSA has advised the public to exercise caution by avoiding interactions with unknown digital identities, refraining from sharing any explicit content online, and reporting any suspicious encounters through its round-the-clock support services.

Since the start of January 2023, victims targeted by online impersonation have incurred substantial losses amounting to GH¢49.5 million, as reported by the Cyber Security Authority (CSA).

Online impersonation, also known as identity theft, involves malicious actors adopting the persona of notable figures such as politicians, businesspeople, government officials, diplomats, or reputable brands. This is done either for financial gain or to subject victims to harassment, intimidation, or threats.

The CSA recently issued an official public warning, revealing that between January and July of 2023, they received a total of 58 reports regarding online impersonation cases. These incidents have resulted in victims collectively losing an alarming sum of GH¢49.5 million.

This development follows a joint operation carried out by the Economic and Organised Crime Office (EOCO), the Bank of Ghana (BoG), and the Cyber Security Authority (CSA). This operation involved raids on illicit lending applications at three separate locations in Accra, which led to the arrest of 422 suspects. The task force's investigations encompassed 270 cases involving cyberbullying, fraud, extortion, and the misuse of customer data.

These investigations unveiled 150 unlicensed digital loan application platforms. The operators of these platforms were found to be engaged in disconcerting practices, including issuing death threats and unauthorized sharing of private messages, images, and videos. These actions were made possible by exploiting permissions unwittingly granted by unsuspecting victims on their digital platforms.

Modus operandi

As detailed in the alert, impostors employ deceptive strategies by fabricating false profiles or accounts that mimic legitimate individuals or well-known brands. They use coercive techniques to push their unsuspecting victims, including associates and business partners, into making impulsive decisions without thorough consideration.

Online impersonation can manifest in various forms, such as job and recruitment scams. In these scenarios, scammers pretend to be government agencies or reputable employers, offering attractive job opportunities that demand victims to part with money or reveal personal information.

Another common scheme is advance fee fraud, where scammers pose as wealthy businesspeople, representatives of respected companies, government entities, or distant relatives. They convince victims to make upfront payments for goods, services, or financial gains that ultimately never materialize.

Furthermore, the investment scam involves impostors presenting themselves as investment service providers, financial advisors, or fund managers. They make alluring pledges of substantial profits with minimal risk, which ultimately serve as tactics to defraud victims.

Lastly, contract scams involve scammers impersonating entities responsible for awarding contracts, often masquerading as representatives of government agencies. They dangle the promise of non-existent contracts, demanding fees in exchange for these fictitious opportunities.

Recommendations

Consequently, the CSA strongly advises the general public to exercise caution when it comes to unsolicited communications, particularly those originating from unknown sources or individuals.

“Be suspicious of any promise of jobs, protocol advantage for recruitment slots, financial gains, gifts or lucrative opportunities. Genuine government officials would not contact anyone via social media to offer them a job or contract,” it said in the alert.

The public is strongly encouraged to exercise careful consideration and carry out thorough investigations to confirm the authenticity of both individuals and organizations before participating in any financial dealings.

Furthermore, individuals are advised to promptly report any suspicions regarding impersonators or scammers to the appropriate law enforcement authorities within the country. Alternatively, they can report such incidents to the Cyber Security Authority's (CSA) 24-hour cybersecurity incident-reporting contact points. These avenues can be used to report cybercrimes, as well as to seek guidance and support for online activities.